Releases: emtunc/SlackPirate
Interactive Mode!
Huge thanks to @Robtova for implementing interactive mode.
You can now run SlackPirate in interactive mode by using the --interactive flag. The tool will run you through the process of copy/pasting the Slack Cookie/Token, choosing a Workspace (or multiple!) and lastly, choosing scan options.
Regex Update
"This regex usually breaks when Slack updates their website - I think I've made it robust enough to withstand future website updates :)"
Unfortunately, my regex skills weren't/aren't leet enough - the response pages now include a funky mix of back slashes and forward slashes.
I updated the regex to simply look for <anything>.slack.com. Previously it was looking for https://<anything>.slack.com. It broke because the response now looks like https:\\/\\/<anything>.slack.com
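The breakage described above, as an added example that is not SlackPirate's own code: the three patterns are assumed shapes written from the description in this note, and the sample response bodies are constructed. It goes slightly beyond the note by showing a bounded variant, since a host-only pattern also matches look-alike strings.

```python
import re

# Constructed samples: the same two workspaces as plain links, and as an
# embedded string where each "/" arrives as "\\/" (the form quoted in the note).
PLAIN = '<a href="https://acme-corp.slack.com/">A</a> <a href="https://dev-team.slack.com/">D</a>'
ESCAPED = r'{"a":"https:\\/\\/acme-corp.slack.com\\/","b":"https:\\/\\/dev-team.slack.com\\/"}'
# Constructed look-alike: not a Slack host, but contains ".slack.com".
LOOKALIKE = "https://acme-corp.slack.com.example.net/login"

# Assumed shape of the earlier pattern: anchored on the literal scheme.
SCHEME_ANCHORED = re.compile(r"https://([a-zA-Z0-9-]+)\.slack\.com")
# Assumed shape of the updated pattern: host only, scheme ignored.
HOST_ONLY = re.compile(r"([a-zA-Z0-9-]+)\.slack\.com")
# Added variant: host only, but the match must end at ".slack.com".
HOST_BOUNDED = re.compile(
    r"([a-zA-Z0-9-]+)\.slack\.com(?![a-zA-Z0-9-])(?!\.[a-zA-Z0-9])"
)


def workspaces(pattern, body):
    """Return unique workspace subdomains found in body, in first-seen order."""
    seen = []
    for name in pattern.findall(body):
        name = name.lower()
        if name not in seen:
            seen.append(name)
    return seen


def unescape_slashes(body):
    """Alternative fix: collapse any run of backslashes before '/' first."""
    return re.sub(r"\\+/", "/", body)


if __name__ == "__main__":
    for label, pattern in [("scheme-anchored", SCHEME_ANCHORED),
                           ("host-only", HOST_ONLY),
                           ("host-bounded", HOST_BOUNDED)]:
        print(label,
              workspaces(pattern, PLAIN),
              workspaces(pattern, ESCAPED),
              workspaces(pattern, LOOKALIKE))
    print("normalised", workspaces(SCHEME_ANCHORED, unescape_slashes(ESCAPED)))
```
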
Regex Update
Updated the regex which discovers the Workspaces that a cookie has access to. This regex usually breaks when Slack updates their website - I think I've made it robust enough to withstand future website updates :)
Verbose flag now available
Big thanks to @milangfx and his hard work for this release 👍
- Support for --verbose flag which will output .csv files with far more information such as the channel the item was found in, who posted it and my favourite, a perma-link to the message in Slack.
Full list of headers recorded:
'timestamp', 'link', 'channel_id', 'channel_name', 'user_id', 'user_name', 'regex_results'
Better cookie handling and improved credential regex
- Take two. Fix cookie handling (encoding/decoding) for real this time.
- Improved credential harvesting regex. More work to be done here but it's a start.
Handle Cookie URL Encoding
- Cookies that were not URL encoded would fail to retrieve Workspaces and tokens. We now handle this by encoding any cookies that aren't encoded. Thanks @milangfx :)
Fix for downloads and token retrieval
PR: #42
- Fix an issue with downloads crashing out in certain scenarios - thanks @westonlit
- Fix an issue retrieving Workspace tokens using the --cookie flag which was caused by a front end change by Slack
Latest User-Agent headers are now pulled dynamically from an API
- The tool now grabs the latest browser (chrome/firefox) and operating system (windows/osx) from the https://user-agent.io API.
This makes it more difficult to detect the tool in the logs as requests will appear to come from a 'modern and up to date browser'.
Asynchronous File downloads and Optimisations
- Files are now downloaded asynchronously
- File download operation now displays useful information such as current file(s) being downloaded
- Fixed problem where certain file-types would not download properly. This was due to older User-Agent header strings - the list has now been updated with more up-to-date UA strings
More useful messages printed when using --cookie
- Running SlackPirate.py with the --cookie flag will now print whether a token is an admin token or not alongside each Workspace returned.
i.e., if a cookie returns 10 Workspaces, it will be immediately obvious which ones are privileged tokens and which ones aren't.